Week 02

Based on two years of studying cybercrime forums, IntSights and RedOwl recently released a report on how hackers recruit and work with insiders who have access to corporate networks. Recruitment of insiders is increasing: they found that forum discussions and insider outreach nearly doubled between 2015 and 2016. Hackers recruit insiders for profit, either by stealing data, making illegal trades or placing malware within a business’ systems. Successful hacking requires both technical and domain knowledge, and hackers can leverage an insider to provide the domain knowledge. Three types of people are potential insiders: negligent employees with bad cybersecurity hygiene, disgruntled employees, and malicious employees who join the organization with the intent to defraud it. The Dark Web promises anonymity to insiders, and there is even a selection process for insiders on most forums. The forums want to know where the insiders work, how much access they have, and how quickly they can release information.

This should be a warning to all organizations that internal threats might be more serious than external threats. That is also why background checks for employees and segregation of duties are extremely important in every organization. Access to information and data must be restricted so that unauthorized employees cannot reach confidential information. However, that alone won’t solve the problem if the insiders are high-level managers. Therefore, an insider threat program is necessary.

Finally, some good news was posted this week. The white hats emerged when Mozilla revealed that more web pages are now loaded by Firefox over the secure HTTPS protocol than not.

As of 30 January, the figure stood at 50.1%, but it’s been on a steady rise since November 2015 when the figure was under 40%.

The uptake is being helped by initiatives such as the Mozilla and Chrome-backed Let’s Encrypt, which acts as an automated certificate authority providing HTTPS certificates to sites for free, and HTTPS Everywhere – a Firefox, Chrome and Opera extension designed to encrypt communications with major websites.

HTTPS is slowly gaining more and more acceptance in the marketplace, with the UK government enabling it on its sites last year to protect against Man in the Middle and other attacks. Google also switched it on for all BlogSpot domains last year. Although HTTPS is not a silver bullet, it is still a good sign for cybersecurity.

An Australian hotel was hacked and its electronic key card system was compromised. The hotel admitted to paying $1,600 US in bitcoins to unlock the doors. The hackers gained access to the system and locked guests out of their rooms.

The hotel admits that it has a very robust IT system and that this is not the first hacking attempt. Beyond access to the key card system, the hackers gained access to the general computing systems in the hotel, shutting down several hotel computers.

After the ransom was paid, the system was returned to normal, but the hotel did find a backdoor left by the hackers that would have allowed them back into the system. Fortunately the backdoor was found and measures were taken to prevent this from happening in the future.

It’s scary to think what hackers can do and what they will attack. We look at technology as a way of making our lives easier, but hackers view it as an opportunity to make money. Needless to say, nothing is safe in this digital world today!

The cybersecurity firm Trustwave just disclosed an exploit they discovered that affects Netgear routers. They found that the same exploit worked on 31 different Netgear models, meaning it is highly likely that if you have a Netgear router you are vulnerable. The exploit let Trustwave bypass the password and obtain full admin rights through a flaw in the password recovery system. The positive news is that unless the remote management feature is enabled, the router cannot be exploited remotely, and this option is disabled by default on most Netgear devices. Otherwise the hacker would need physical access to the router to use this exploit. Netgear has responded quickly with a firmware update available from their website.

Ransomware has become the most common form of malware over the past few years. Typically ransomware encrypts your key files and the attacker demands payment; however, variants are expected to emerge that are designed to modify the infected computer’s Master Boot Record. This causes the system to boot to a lock screen demanding payment before the attacker will decrypt the files and restore access to the main operating system.

Multiple layers of defense are required to counter ransomware. Strong network controls and access controls are very important; however, user awareness and training are just as critical to prevent the social engineering that allows an attacker to deliver the malware. Finally, always back up your data AND your operating system. In many cases, if you detect the ransomware in a timely manner, you can wipe the OS and restore from backup.

In North Wales cybercrimes are outnumbering physical crimes for law enforcement. While burglary and shoplifting have seen a decrease, online crimes are on the rise. The primary targets of these online crimes are businesses, and the attack method is ransomware. Online crime seems to be the safer bet for criminals because the likelihood of getting caught is slim to none in many cases. Gone are the days of walking into a business and robbing it at gunpoint; now you can sit at home with a glass of wine and do a stickup with your keyboard and mouse.

According to the Washington Post, in this article by Gizmodo, as many as 123 of 187 CCTV cameras were infected with malware during the inauguration in DC. The article does not suggest who is, or even could be, responsible for the attack. The article does point out, though, that the use of malware usually signifies a ransom. Hackers will often corrupt a system with malware and demand money be handed over for the malware to be removed. This slightly eases fears, as it hopefully suggests the attackers were seeking money and not to undermine the cameras for more malicious activities.

In today’s digital world cybersecurity is a necessity in every organization. However, there needs to be a balance between the productivity of your employees and the security of the organization. If employees believe that the security team in the organization is making them go through drastic measures for the sake of security, then employees could circumvent these measures for their convenience. Newman states that an organization should “never sacrifice security for productivity,” which I believe is an extremely important point. Let’s say, for example, that a user wanted to remote into their computer from a public WiFi hotspot that is not secure. If that employee did not want to take the time to use a token to remote into their desktop and VPN in, they could install Chrome Remote Desktop and circumvent these security protocols. This could create an unencrypted connection to your work PC that could easily be hacked by someone who is sniffing traffic on the network. Unfortunately, 92% of employees have stated that their organization’s remote-access policies hamper productivity. Organizations need to educate employees on why not to go against these policies, as well as teach them how to use these security measures properly so as to ease the burden on them.

If you’re a Netflix subscriber and use it on your Android devices, be careful that you don’t download the wrong app! This fake app is malware that takes over your device, including the camera and microphone, and can view your contacts and read your text messages. It is essentially used to spy on you. Zscaler described it as a ‘well-crafted’ piece of spyware. Once the user presses the icon, the app disappears, making you think it was deleted, but it is only releasing the Trojan to take over your device. Once the device is infected, the hacker can activate your microphone and listen to live conversations or turn on your camera and spy on you. They can also copy files from the device and send them to a command and control centre. The good news is that if you download apps from a legitimate source, you are probably safe. The article states that downloading it from non-official sites is what puts you at risk.

An interesting article discusses how most cyber attacks are not overly complicated. It outlines a high-level approach to how the author would carry out a simple hack on a network. The author mentions some of the topics that we have been discussing in class, such as using very basic social engineering based on simple reconnaissance of users’ social media sites: for example, targeting a user whose posts show a strong political interest and sending a phishing email that plays on that interest. He also mentions using pivoting and password spraying to try to gain access to any external-facing servers.
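Password spraying, mentioned above, is easy to miss with per-account lockout counters because each account sees only one or two failures. Here is an added detection example (not from the article or its author): it parses constructed sshd-style log lines and flags a source IP whose failures touch many distinct accounts within a short window, while a single-account brute force from another IP is not flagged. The hostnames, IPs and log lines are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not taken from the page). 203.0.113.7 tries one
# guess against many accounts (spray); 198.51.100.9 hammers a single account.
SAMPLE_LOG = """\
Feb 03 09:00:01 gw sshd[1001]: Failed password for alice from 203.0.113.7 port 5001 ssh2
Feb 03 09:00:04 gw sshd[1002]: Failed password for bob from 203.0.113.7 port 5002 ssh2
Feb 03 09:00:07 gw sshd[1003]: Failed password for invalid user carol from 203.0.113.7 port 5003 ssh2
Feb 03 09:00:10 gw sshd[1004]: Failed password for dave from 203.0.113.7 port 5004 ssh2
Feb 03 09:00:13 gw sshd[1005]: Failed password for erin from 203.0.113.7 port 5005 ssh2
Feb 03 09:01:00 gw sshd[1006]: Failed password for root from 198.51.100.9 port 6001 ssh2
Feb 03 09:01:01 gw sshd[1007]: Failed password for root from 198.51.100.9 port 6002 ssh2
Feb 03 09:01:02 gw sshd[1008]: Failed password for root from 198.51.100.9 port 6003 ssh2
Feb 03 09:05:30 gw sshd[1009]: Accepted password for alice from 192.0.2.44 port 7001 ssh2
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse_failures(text):
    """Yield (time, source_ip, username) for every failed-login line; others are ignored."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["ip"], m["user"]

def detect_spray(text, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: sorted usernames} for sources whose failures hit at
    least `min_users` distinct accounts within any `window`-long span.
    Many failures against one account (classic brute force) do not trip this."""
    by_ip = defaultdict(list)
    for t, ip, user in parse_failures(text):
        by_ip[ip].append((t, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        j = 0
        for i in range(len(events)):
            # Advance j to the first event outside the window that starts at event i.
            while j < len(events) and events[j][0] - events[i][0] <= window:
                j += 1
            users = {u for _, u in events[i:j]}
            if len(users) >= min_users:
                hits[ip] = sorted(users)
                break
    return hits
```

Calling `detect_spray(SAMPLE_LOG)` flags only 203.0.113.7; raising `min_users` or narrowing `window` tunes the rule against noisy but legitimate sources such as a shared NAT gateway.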